Hi, HAProxy 2.4-dev2 was released on 2020/12/01. It added 43 new commits after version 2.4-dev1.
Given that 2.4-dev1 experienced a few hickups, I preferred to emit a replacement one quickly to help with testing. We've spent more than one week dealing with races in threads and other issues, it was not exactly fun, but the good news is that once all of these are addressed at once, we're expected to get a better experience again. Roughly out of my head, there was a data filter keeping some data stuck and backend connection established (that caused me to temporarily revert on haproxy.org but it's been OK for one week now), health checks using a their own buffers that were not compatible with H2, memory barrier issues on some ARM machines having stricter ordering requirements (the AWS Graviton2 CPU uses awesome ARM Neoverse-N1 cores but you have to be kind with them), and a missing error handling in the peers code that was woken up by my previous fix, causing endless loops and panics on truncated messages. Among the few other things, some users noticed that the default log format was accidently changed in 2.3 when introducing the new formats, because the host name is now always being sent while in the past it was sent only when "log-send-hostname" was set. Emeric changed this to turn back to the old behavior by adding a new "local" message format that's suitable for use with a local logger and made it the default instead of rfc3164. This will be backported to 2.3 to avoid some pain dealing with the logs. The cache was improved to start to support the Vary header (still limited to Accept-Encoding and Referer for now) but some more work is currently ongoing in this area. Layer 7 retries now support HTTP 401 and 403 status codes. It's obviously not recommended but if you do this you probably know this already. The tcp checks can now enforce the ok-status that may be used to turn a server to soft-stop mode for example (equivalent to disable-on-404). And The rest are basically cleanups. A side note for those running haproxy on AWS's new ARM machines (t4g, m6g, c6g, r6g): I could test the impact of the new ARMv8.1 atomic instructions supported by these CPUs, and the gains in scalability are tremendous, with 16 cores I could observe a jump from 101k to 420k req/s. Said differently, the older ones bring a huge overhead. If you're using haproxy there, do not forget to add "CPU=native" to your build line to benefit from this, and you'll probably need a much smaller machine for the same workload. Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Wiki : https://github.com/haproxy/wiki/wiki Sources : http://www.haproxy.org/download/2.4/src/ Git repository : http://git.haproxy.org/git/haproxy.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy.git Changelog : http://www.haproxy.org/download/2.4/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Christopher Faulet (13): BUG/MAJOR: filters: Always keep all offsets up to date during data filtering BUG/MINOR: tcpcheck: Don't forget to reset tcp-check flags on new kind of check MINOR: tcpcheck: Don't handle anymore in-progress send rules in tcpcheck_main BUG/MAJOR: tcpcheck: Allocate input and output buffers from the buffer pool MINOR: tcpcheck: Don't handle anymore in-progress connect rules in tcpcheck_main MINOR: config: Deprecate and ignore tune.chksize global option MINOR: config: Add a warning if tune.chksize is used REORG: tcpcheck: Move check option parsing functions based on tcp-check MINOR: check: Always increment check health counter on CONPASS MINOR: tcpcheck: Add support of L7OKC on expect rules error-status argument DOC: config: Make disable-on-404 option clearer on transition conditions DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section BUG/MINOR: http-fetch: Fix smp_fetch_body() when called from a health-check Emeric Brun (1): BUG/MEDIUM: local log format regression. Ilya Shipitsin (5): CLEANUP: remove unused function "ssl_sock_is_ckch_valid" BUILD: SSL: add BoringSSL guarding to "RAND_keep_random_devices_open" BUILD: SSL: do not "update" BoringSSL version equivalent anymore CI: github actions: update LibreSSL to 3.3.0 CI: github actions: enable 51degrees feature Joao Morais (1): DOC: better describes how to configure a fallback crt Julien Pivotto (1): MINOR: stream: Add level 7 retries on http error 401, 403 Maciej Zdeb (2): BUG/MEDIUM: http_act: Restore init of log-format list DOC: Clarify %HP description in log-format Olivier Houchard (1): BUG/MEDIUM: lists: Lock the element while we check if it is in a list. Remi Tricot-Le Breton (5): MINOR: cache: Prepare helper functions for Vary support MEDIUM: cache: Add the Vary header support MINOR: cache: Add a process-vary option that can enable/disable Vary processing DOC: cache: Add new caching limitation information DOC: cache: Add information about Vary support Tim Duesterhus (4): BUILD: Make DEBUG part of .build_opts BUILD: Show the value of DEBUG= in haproxy -vv CI: Set DEBUG=-DDEBUG_STRICT=1 in GitHub Actions BUG/CRITICAL: cache: Fix trivial crash by sending accept-encoding header Willy Tarreau (9): BUG/MAJOR: peers: fix partial message decoding DOC: better document the config file format and escaping/quoting rules MINOR: fd/threads: silence a build warning with threads disabled MINOR: debug: add "debug dev sched" to stress the scheduler. MINOR: debug: add a trivial PRNG for scheduler stress-tests MINOR: task: remove tasklet_insert_into_tasklet_list() MINOR: task: perform atomic counter increments only once per wakeup MINOR: task: remove __tasklet_remove_from_tasklet_list() BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link Your Name (1): MINOR: plock: use an ARMv8 instruction barrier for the pause instruction ---